Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2025-007718
sonatype-2025-007718
Malicious Packages - Wed Dec 31 2025 [Info Stealer]
Published Jan 3, 2026
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-87.json
CVSS Score
Medium
5.3
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
dux-portal-privacy
4.9.121
npm
eb-csr
9.1.143
npm
electra-web-player-event
0.0.1-security
npm
electra-web-player-event
1.0.0
npm
electra-web-player-event
3.1.143
npm
float-kit
20.1.1
npm
internal-secret-project-1234
99.99.99
npm
meta-code-verify
8.2.31
npm
okta-signin-widget
8.2.31
npm
react-server-dom-unbundled
9.2.31
pypi
sfnt2woff-zopfli
0.0.0
pypi
sfnt2woff-zopfli
17.0.0
npm
shopify-perf-kit
8.2.31
npm
shopify-perf-kit
8.2.32
npm
stitch-ui-toolbox
20.1.1
npm
vitor-js
9.3.133
npm
x-clients-features
8.2.31
1-17 of 17
sonatype-2025-007718 | Components Impacted | Sonatype Guide | Sonatype Guide
